AWS solutions medium security documentation change
Summary
Added S3 bucket policy example for ELB log delivery
Security assessment
The new example policy explicitly grants s3:PutObject permission to ELB log delivery service. This prevents misconfigurations that could block log delivery or require overly permissive policies, addressing potential visibility gaps. Proper logging is critical for security monitoring.
Diff
diff --git a/solutions/latest/clickstream-analytics-on-aws/ingestion-endpoint.md b/solutions/latest/clickstream-analytics-on-aws/ingestion-endpoint.md index 088663d30..cf72a2f69 100644 --- a//solutions/latest/clickstream-analytics-on-aws/ingestion-endpoint.md +++ b//solutions/latest/clickstream-analytics-on-aws/ingestion-endpoint.md @@ -103,0 +104,21 @@ Below is an example policy for the bucket in Regions available before August 202 +JSON + + +**** + + + { + "Version":"2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Principal": { + "Service": "logdelivery.elasticloadbalancing.amazonaws.com" + }, + "Action": "s3:PutObject", + "Resource": "arn:aws:s3:::amzn-s3-demo-bucket/prefix/AWSLogs/123456789012/*" + } + ] + } + +